Beating back biggest risk - the 'inside job'

IT administrators have long been aware of internal data security threats but have had little ammunition to combat them.
Written by Jim Kerstetter, Contributor

At the RSA Data Security Conference in San Jose, California, this week, two small companies will address an obvious weakness in enterprise security: the ability of disgruntled employees -- or hackers armed with employee passwords -- to gain access to sensitive data.

With new software from Shym Technology Inc. and Network-1 Security Solutions Inc., companies that have focused on building a virtual fortress around their networks will now be able to ensure that people already inside don't go where they shouldn't -- either accidentally or maliciously. "Internal security is obviously an area we spend a great deal of time with," said Neal Fuerst, a security analyst at a Southwestern manufacturing company. "The dollar values associated with a loss like that would be astronomical in our environment."

At the RSA conference, Network-1 will discuss CyberwallPlus, a suite of applications that includes CyberwallPlus VPN, a network-to-network virtual private network; CyberwallPlus-AP, which protects any communications protocol inside the enterprise; and CyberwallPlus-IP, a traditional external firewall.

CyberwallPlus-AP, in particular, addresses internal security concerns. It is a packet inspection engine that can sit anywhere inside a network and support multiple network protocols. It has no IP address, so it is hidden from attack, and it can block important company data, such as financial information, from the rest of the enterprise. It also detects activities such as untrusted users trying to connect to trusted parts of the network or users moving large files out of secure areas.

"You can put an internal firewall in between your critical servers and everyone else," said Mike Waldenberger, a technologist at Tessco Technologies Inc., in Hunt Valley, Md., which is implementing CyberwallPlus-AP. "It's another layer of access that says some people can go in there and some people cannot."

CyberwallPlus VPN is $5,995 (£3,655), CyberwallPlus-AP costs $4,995 (£3,045) and CyberwallPlus-IP is $1,995 (£1,216). They will ship in the first half of the year.

Shym is trying to make it easier for administrators to hook a PKI (public-key infrastructure) into existing enterprise applications, including SAP AG's R/3 suite, PeopleSoft Inc.'s enterprise applications, Documentum Inc.'s document management applications and Lotus Development Corp.'s Notes.

By tying a PKI into enterprise applications, administrators can improve access control while opening internal data to business partners. The Shym PKEnable product suite includes the Shym Integration Layer, the Shym Provider Interface and the PKEnable server. It will be available in April; a pilot package for as many as 100 users is $10,000 (£6,097).

Administrators say there's no question that internal risks far outweigh external security concerns. FBI statistics back that conclusion. A survey of Fortune 500 companies conducted last year found that most data thefts came from internal users. Policy can help. At Fuerst's company, confidential data that leaves the building on laptops must be encrypted using a PKI from Entrust Technologies Inc. Some data is considered so confidential that it must be encrypted whenever it is not being viewed on a screen.

Waldenberger said he's never seen an external attack do much damage. But internal threats are another story, and any technology that would prevent them is a help. "The biggest problem is they lay off an employee and then they don't walk them to the door," he said. "They let them sit there for a week and think about what happened."
